public function init($extra) { require_once '../model/Error.inc.php'; if ($this->profile) { Zotero_DB::profileStart($this->profileShard); } $this->startTime = microtime(true); // Inflate gzipped data if (!empty($_SERVER['HTTP_CONTENT_ENCODING']) && $_SERVER['HTTP_CONTENT_ENCODING'] == 'gzip') { $gzdata = file_get_contents('php://input'); // Firefox 12 and above include the standard gzip header, // which needs to be stripped if (substr($gzdata, 0, 3) == chr(31) . chr(139) . chr(8)) { // 1F 8B 08 $gzdata = substr($gzdata, 10); } $data = gzinflate($gzdata); parse_str($data, $_POST); foreach ($_POST as $key => $val) { $_REQUEST[$key] = $val; } } $this->responseXML = Zotero_Sync::getResponseXML(); //if (!Z_CONFIG::$SYNC_ENABLED && $_SERVER["REMOTE_ADDR"] != '') { if (!Z_CONFIG::$SYNC_ENABLED) { $this->error(503, 'SERVER_ERROR', Z_CONFIG::$MAINTENANCE_MESSAGE); } if (empty($_REQUEST['version'])) { if ($this->action == 'index') { echo "Nothing to see here."; exit; } $this->error(400, 'NO_API_VERSION', "API version not specified"); } $upgradeMessage = "Due to improvements made to sync functionality, you must upgrade to Zotero 3.0 or later from zotero.org to sync your Zotero library."; if (isset($_SERVER['HTTP_X_ZOTERO_VERSION'])) { require_once '../model/ToolkitVersionComparator.inc.php'; // Avoid infinite loop due to client bug if ($_SERVER['HTTP_X_ZOTERO_VERSION'] == "2.0b6") { die("Please upgrade to the latest version of Zotero from zotero.org."); } else { if (ToolkitVersionComparator::compare($_SERVER['HTTP_X_ZOTERO_VERSION'], "3.0") < 0) { $this->error(400, 'UPGRADE_REQUIRED', $upgradeMessage); } else { if (isset($_SERVER['HTTP_USER_AGENT']) && (strpos($_SERVER['HTTP_USER_AGENT'], "Firefox/17") !== false || strpos($_SERVER['HTTP_USER_AGENT'], "Firefox/18") !== false || strpos($_SERVER['HTTP_USER_AGENT'], "Firefox/19") !== false || strpos($_SERVER['HTTP_USER_AGENT'], "Firefox/20") !== false || strpos($_SERVER['HTTP_USER_AGENT'], "Firefox/21") !== false || strpos($_SERVER['HTTP_USER_AGENT'], "Firefox/22") !== false) && ToolkitVersionComparator::compare($_SERVER['HTTP_X_ZOTERO_VERSION'], "3.0.9") < 0) { $this->error(400, 'UPGRADE_REQUIRED', "Your version of Zotero is not compatible with Firefox 17 or later. Please upgrade to the latest version of Zotero from zotero.org."); } } } } if (!in_array($_REQUEST['version'], $this->validAPIVersions)) { if ($_REQUEST['version'] < 9) { $this->error(400, 'UPGRADE_REQUIRED', $upgradeMessage); } $this->error(400, 'INVALID_API_VERSION', "Invalid request API version '{$_REQUEST['version']}'"); } $this->apiVersion = (int) $_REQUEST['version']; $this->responseXML['version'] = $this->apiVersion; }
public function __construct($action, $settings, $extra) { require_once '../model/Error.inc.php'; if ($this->profile) { Zotero_DB::profileStart($this->profileShard); } $this->startTime = microtime(true); // Inflate gzipped data if (!empty($_SERVER['HTTP_CONTENT_ENCODING']) && $_SERVER['HTTP_CONTENT_ENCODING'] == 'gzip') { $gzdata = file_get_contents('php://input'); // Firefox 12 and above include the standard gzip header, // which needs to be stripped if (substr($gzdata, 0, 3) == chr(31) . chr(139) . chr(8)) { // 1F 8B 08 $gzdata = substr($gzdata, 10); } $data = gzinflate($gzdata); parse_str($data, $_POST); foreach ($_POST as $key => $val) { $_REQUEST[$key] = $val; } } $this->responseXML = Zotero_Sync::getResponseXML(); //if (!Z_CONFIG::$SYNC_ENABLED && $_SERVER["REMOTE_ADDR"] != '') { if (!Z_CONFIG::$SYNC_ENABLED) { $this->error(503, 'SERVER_ERROR', Z_CONFIG::$MAINTENANCE_MESSAGE); } if (empty($_REQUEST['version'])) { if ($action == 'index') { echo "Nothing to see here."; exit; } $this->error(400, 'NO_API_VERSION', "API version not specified"); } $upgradeMessage = "Due to improvements made to sync functionality, you must upgrade to Zotero 2.0 or later (via Firefox's Tools menu -> Add-ons -> Extensions -> Find Updates or from zotero.org) to sync your Zotero library."; if (isset($_SERVER['HTTP_X_ZOTERO_VERSION'])) { require_once '../model/ToolkitVersionComparator.inc.php'; if ($_SERVER['HTTP_X_ZOTERO_VERSION'] == "2.0b6") { die("Please upgrade to Zotero 2.0 via Tools -> Add-ons -> Extensions -> Find Updates or from zotero.org."); } else { if (preg_match("/2.0b[0-9].SVN/", $_SERVER['HTTP_X_ZOTERO_VERSION'])) { // Can't use version for SVN builds } else { if (ToolkitVersionComparator::compare($_SERVER['HTTP_X_ZOTERO_VERSION'], "2.0rc.r5716") < 0) { $this->error(400, 'UPGRADE_REQUIRED', $upgradeMessage); } } } } if (!in_array($_REQUEST['version'], $this->validAPIVersions)) { if ($_REQUEST['version'] < 8) { $this->error(400, 'UPGRADE_REQUIRED', $upgradeMessage); } $this->error(400, 'INVALID_API_VERSION', "Invalid request API version '{$_REQUEST['version']}'"); } $this->apiVersion = (int) $_REQUEST['version']; $this->responseXML['version'] = $this->apiVersion; }
public function init($extra) { $this->startTime = microtime(true); if (!Z_CONFIG::$API_ENABLED) { $this->e503(Z_CONFIG::$MAINTENANCE_MESSAGE); } set_exception_handler(array($this, 'handleException')); // TODO: Throw error on some notices but allow DB/Memcached/etc. failures? //set_error_handler(array($this, 'handleError'), E_ALL | E_USER_ERROR | E_RECOVERABLE_ERROR); set_error_handler(array($this, 'handleError'), E_USER_ERROR | E_RECOVERABLE_ERROR); require_once '../model/Error.inc.php'; // On testing sites, include notifications in headers if (Z_CONFIG::$TESTING_SITE) { Zotero_NotifierObserver::addMessageReceiver(function ($topic, $msg) { $header = "Zotero-Debug-Notifications"; if (!empty($this->headers[$header])) { $notifications = json_decode(base64_decode($this->headers[$header])); } else { $notifications = []; } $notifications[] = $msg; $this->headers[$header] = base64_encode(json_encode($notifications)); }); } register_shutdown_function(array($this, 'checkDBTransactionState')); register_shutdown_function(array($this, 'logTotalRequestTime')); register_shutdown_function(array($this, 'checkForFatalError')); register_shutdown_function(array($this, 'addHeaders')); $this->method = $_SERVER['REQUEST_METHOD']; if (!in_array($this->method, array('HEAD', 'OPTIONS', 'GET', 'PUT', 'POST', 'DELETE', 'PATCH'))) { $this->e501(); } StatsD::increment("api.request.method." . strtolower($this->method), 0.25); // There doesn't seem to be a way for PHP to start processing the request // before the entire body is sent, so an Expect: 100 Continue will, // depending on the client, either fail or cause a delay while the client // waits for the 100 response. To make this explicit, we return an error. if (!empty($_SERVER['HTTP_EXPECT'])) { header("HTTP/1.1 417 Expectation Failed"); die("Expect header is not supported"); } // CORS if (isset($_SERVER['HTTP_ORIGIN'])) { header("Access-Control-Allow-Origin: *"); header("Access-Control-Allow-Methods: HEAD, GET, POST, PUT, PATCH, DELETE"); header("Access-Control-Allow-Headers: Content-Type, If-Match, If-None-Match, If-Modified-Since-Version, If-Unmodified-Since-Version, Zotero-API-Version, Zotero-Write-Token"); header("Access-Control-Expose-Headers: Backoff, ETag, Last-Modified-Version, Link, Retry-After, Total-Results, Zotero-API-Version"); } if ($this->method == 'OPTIONS') { $this->end(); } if (in_array($this->method, array('POST', 'PUT', 'PATCH'))) { $this->ifUnmodifiedSince = isset($_SERVER['HTTP_IF_UNMODIFIED_SINCE']) ? strtotime($_SERVER['HTTP_IF_UNMODIFIED_SINCE']) : false; $this->body = file_get_contents("php://input"); if ($this->body == "" && !in_array($this->action, array('clear', 'laststoragesync', 'removestoragefiles', 'itemContent'))) { $this->e400("{$this->method} data not provided"); } } if ($this->profile) { Zotero_DB::profileStart(); } // If HTTP Basic Auth credentials provided, authenticate if (isset($_SERVER['PHP_AUTH_USER'])) { $username = $_SERVER['PHP_AUTH_USER']; $password = $_SERVER['PHP_AUTH_PW']; if ($username == Z_CONFIG::$API_SUPER_USERNAME && $password == Z_CONFIG::$API_SUPER_PASSWORD) { $this->userID = 0; $this->permissions = new Zotero_Permissions(); $this->permissions->setSuper(); } else { if (!empty($extra['allowHTTP']) || !empty($extra['auth'])) { $userID = Zotero_Users::authenticate('password', array('username' => $username, 'password' => $password)); if (!$userID) { $this->e401('Invalid login'); } $this->httpAuth = true; $this->userID = $userID; $this->grantUserPermissions($userID); } } } if (!isset($this->userID)) { $key = false; // Allow Zotero-API-Key header if (!empty($_SERVER['HTTP_ZOTERO_API_KEY'])) { $key = $_SERVER['HTTP_ZOTERO_API_KEY']; } // Allow ?key=<apikey> if (isset($_GET['key'])) { if (!$key) { $key = $_GET['key']; } else { if ($_GET['key'] !== $key) { $this->e400("Zotero-API-Key header and 'key' parameter differ"); } } } // If neither of the above passed, allow "Authorization: Bearer <apikey>" // // Apache/mod_php doesn't seem to make Authorization available for auth schemes // other than Basic/Digest, so use an Apache-specific method to get the header if (!$key && function_exists('apache_request_headers')) { $headers = apache_request_headers(); if (isset($headers['Authorization'])) { // Look for "Authorization: Bearer" from OAuth 2.0, and ignore everything else if (preg_match('/^bearer/i', $headers['Authorization'], $matches)) { if (preg_match('/^bearer +([a-z0-9]+)$/i', $headers['Authorization'], $matches)) { $key = $matches[1]; } else { $this->e400("Invalid Authorization header format"); } } } } if ($key) { $keyObj = Zotero_Keys::authenticate($key); if (!$keyObj) { $this->e403('Invalid key'); } $this->apiKey = $key; $this->userID = $keyObj->userID; $this->permissions = $keyObj->getPermissions(); // Check Zotero-Write-Token if it exists to make sure // this isn't a duplicate request if ($this->isWriteMethod()) { if ($cacheKey = $this->getWriteTokenCacheKey()) { if (Z_Core::$MC->get($cacheKey)) { $this->e412("Write token already used"); } } } } else { if (!empty($_GET['session']) && ($this->userID = Zotero_Users::getUserIDFromSessionID($_GET['session']))) { // Users who haven't synced may not exist in our DB if (!Zotero_Users::exists($this->userID)) { Zotero_Users::add($this->userID); } $this->grantUserPermissions($this->userID); $this->cookieAuth = true; } else { if (!empty($_GET['auth']) || !empty($extra['auth'])) { $this->e401(); } // Explicit auth request or not a GET request // // /users/<id>/keys is an exception, since the key is embedded in the URL if ($this->method != "GET" && $this->action != 'keys') { $this->e403('An API key is required for write requests.'); } // Anonymous request $this->permissions = new Zotero_Permissions(); $this->permissions->setAnonymous(); } } } $this->uri = Z_CONFIG::$API_BASE_URI . substr($_SERVER["REQUEST_URI"], 1); // Get object user if (isset($this->objectUserID)) { if (!$this->objectUserID) { $this->e400("Invalid user ID", Z_ERROR_INVALID_INPUT); } try { $this->objectLibraryID = Zotero_Users::getLibraryIDFromUserID($this->objectUserID); } catch (Exception $e) { if ($e->getCode() == Z_ERROR_USER_NOT_FOUND) { try { Zotero_Users::addFromWWW($this->objectUserID); } catch (Exception $e) { if ($e->getCode() == Z_ERROR_USER_NOT_FOUND) { $this->e404("User {$this->objectUserID} not found"); } throw $e; } $this->objectLibraryID = Zotero_Users::getLibraryIDFromUserID($this->objectUserID); } else { throw $e; } } // Make sure user isn't banned if (!Zotero_Users::isValidUser($this->objectUserID)) { $this->e404(); } } else { if (isset($this->objectGroupID)) { if (!$this->objectGroupID) { $this->e400("Invalid group ID", Z_ERROR_INVALID_INPUT); } // Make sure group exists $group = Zotero_Groups::get($this->objectGroupID); if (!$group) { $this->e404(); } // Don't show groups owned by banned users if (!Zotero_Users::isValidUser($group->ownerUserID)) { $this->e404(); } $this->objectLibraryID = Zotero_Groups::getLibraryIDFromGroupID($this->objectGroupID); } } $apiVersion = !empty($_SERVER['HTTP_ZOTERO_API_VERSION']) ? (int) $_SERVER['HTTP_ZOTERO_API_VERSION'] : false; // Serve v1 to ZotPad 1.x, at Mikko's request if (!$apiVersion && !empty($_SERVER['HTTP_USER_AGENT']) && strpos($_SERVER['HTTP_USER_AGENT'], 'ZotPad 1') === 0) { $apiVersion = 1; } // For publications URLs (e.g., /users/:userID/publications/items), swap in // objectLibraryID of user's publications library if (!empty($extra['publications'])) { // Query parameters not yet parsed, so check version parameter if ($apiVersion && $apiVersion < 3 || !empty($_REQUEST['v']) && $_REQUEST['v'] < 3 || !empty($_REQUEST['version']) && $_REQUEST['version'] == 1) { $this->e404(); } $userLibraryID = $this->objectLibraryID; $this->objectLibraryID = Zotero_Users::getLibraryIDFromUserID($this->objectUserID, 'publications'); // If one doesn't exist, for write requests create a library if the key // has write permission to the user library. For read requests, just // return a 404. if (!$this->objectLibraryID) { if ($this->isWriteMethod()) { if (!$this->permissions->canAccess($userLibraryID) || !$this->permissions->canWrite($userLibraryID)) { $this->e403(); } $this->objectLibraryID = Zotero_Publications::add($this->objectUserID); } else { $this->objectLibraryID = 0; } } } // Return 409 if target library is locked switch ($this->method) { case 'POST': case 'PUT': case 'DELETE': switch ($this->action) { // Library lock doesn't matter for some admin requests case 'keys': case 'storageadmin': break; default: if ($this->objectLibraryID && Zotero_Libraries::isLocked($this->objectLibraryID)) { $this->e409("Target library is locked"); } break; } } $this->scopeObject = !empty($extra['scopeObject']) ? $extra['scopeObject'] : $this->scopeObject; $this->subset = !empty($extra['subset']) ? $extra['subset'] : $this->subset; $this->fileMode = !empty($extra['file']) ? !empty($_GET['info']) ? 'info' : 'download' : false; $this->fileView = !empty($extra['view']); $this->singleObject = $this->objectKey && !$this->subset; $this->checkLibraryIfModifiedSinceVersion($this->action); // If Accept header includes application/atom+xml, send Atom, as long as there's no 'format' $atomAccepted = false; if (!empty($_SERVER['HTTP_ACCEPT'])) { $accept = preg_split('/\\s*,\\s*/', $_SERVER['HTTP_ACCEPT']); $atomAccepted = in_array('application/atom+xml', $accept); } $this->queryParams = Zotero_API::parseQueryParams($_SERVER['QUERY_STRING'], $this->action, $this->singleObject, $apiVersion, $atomAccepted); // Sorting by Item Type or Added By currently require writing to shard tables, so don't // send those to the read replicas if ($this->queryParams['sort'] == 'itemType' || $this->queryParams['sort'] == 'addedBy') { Zotero_DB::readOnly(false); } $this->apiVersion = $version = $this->queryParams['v']; header("Zotero-API-Version: " . $version); StatsD::increment("api.request.version.v" . $version, 0.25); }
public function __construct($action, $settings, $extra) { if (!Z_CONFIG::$API_ENABLED) { $this->e503(Z_CONFIG::$MAINTENANCE_MESSAGE); } set_exception_handler(array($this, 'handleException')); set_error_handler(array($this, 'handleError'), E_USER_ERROR); require_once '../model/Error.inc.php'; $this->startTime = microtime(true); $this->method = $_SERVER['REQUEST_METHOD']; /*if (isset($_SERVER['REMOTE_ADDR']) && in_array($_SERVER['REMOTE_ADDR'], array(''))) { header("HTTP/1.1 429 Rate Limited"); die("Too many requests"); }*/ if (!in_array($this->method, array('HEAD', 'GET', 'PUT', 'POST', 'DELETE', 'PATCH'))) { header("HTTP/1.1 501 Not Implemented"); die("Method is not implemented"); } // There doesn't seem to be a way for PHP to start processing the request // before the entire body is sent, so an Expect: 100 Continue will, // depending on the client, either fail or cause a delay while the client // waits for the 100 response. To make this explicit, we return an error. if (!empty($_SERVER['HTTP_EXPECT'])) { header("HTTP/1.1 417 Expectation Failed"); die("Expect header is not supported"); } if (in_array($this->method, array('POST', 'PUT', 'PATCH'))) { $this->ifUnmodifiedSince = isset($_SERVER['HTTP_IF_UNMODIFIED_SINCE']) ? strtotime($_SERVER['HTTP_IF_UNMODIFIED_SINCE']) : false; $this->body = file_get_contents("php://input"); } if ($this->profile) { Zotero_DB::profileStart($this->profileShard); } // If HTTP Basic Auth credentials provided, authenticate if (isset($_SERVER['PHP_AUTH_USER'])) { $username = $_SERVER['PHP_AUTH_USER']; $password = $_SERVER['PHP_AUTH_PW']; if ($username == Z_CONFIG::$API_SUPER_USERNAME && $password == Z_CONFIG::$API_SUPER_PASSWORD) { $this->userID = 0; $this->permissions = new Zotero_Permissions(); $this->permissions->setSuper(); } else { if (!empty($extra['allowHTTP'])) { $userID = Zotero_Users::authenticate('password', array('username' => $username, 'password' => $password)); if (!$userID) { $this->e401('Invalid login'); } $this->httpAuth = true; $this->userID = $userID; $this->grantUserPermissions($userID); } else { $this->e401('Invalid login'); } } } else { if (isset($_GET['key'])) { $keyObj = Zotero_Keys::authenticate($_GET['key']); if (!$keyObj) { $this->e403('Invalid key'); } $this->apiKey = $_GET['key']; $this->userID = $keyObj->userID; $this->permissions = $keyObj->getPermissions(); // Check X-Zotero-Write-Token if it exists to make sure if ($this->method == 'POST' || $this->method == 'PUT') { if ($cacheKey = $this->getWriteTokenCacheKey()) { if (Z_Core::$MC->get($cacheKey)) { $this->e412("Write token already used"); } } } } else { if (!empty($_COOKIE) && !empty($_GET['session']) && ($this->userID = Zotero_Users::getUserIDFromSession($_COOKIE, $_GET['session']))) { $this->grantUserPermissions($this->userID); $this->cookieAuth = true; } else { if (!empty($_GET['auth'])) { $this->e401(); } // Always challenge a 'me' request if (!empty($extra['userID']) && $extra['userID'] == 'me') { $this->e403('You must specify a key when making a /me request.'); } // Explicit auth request or not a GET request if ($this->method != "GET") { $this->e403('You must specify a key to access the Zotero API.'); } // Anonymous request $this->permissions = new Zotero_Permissions(); $this->permissions->setAnonymous(); } } } // Get the API version if (empty($_REQUEST['version'])) { $this->apiVersion = $this->defaultAPIVersion; } else { if (!in_array($_REQUEST['version'], $this->validAPIVersions)) { $this->e400("Invalid request API version '{$_REQUEST['version']}'"); } $this->apiVersion = (int) $_REQUEST['version']; } $this->uri = Z_CONFIG::$API_BASE_URI . substr($_SERVER["REQUEST_URI"], 1); // Get object user if (!empty($extra['userID'])) { // Possibly temporary shortcut for viewing one's own data via HTTP Auth if ($extra['userID'] == 'me') { $objectUserID = $this->userID; } else { $objectUserID = (int) $extra['userID']; if (!$objectUserID) { $this->e400("Invalid user ID", Z_ERROR_INVALID_INPUT); } } $this->objectUserID = $objectUserID; try { $this->objectLibraryID = Zotero_Users::getLibraryIDFromUserID($objectUserID); } catch (Exception $e) { if ($e->getCode() == Z_ERROR_USER_NOT_FOUND) { try { Zotero_Users::addFromWWW($objectUserID); } catch (Exception $e) { if ($e->getCode() == Z_ERROR_USER_NOT_FOUND) { $this->e404(); } throw $e; } $this->objectLibraryID = Zotero_Users::getLibraryIDFromUserID($objectUserID); } else { throw $e; } } // Make sure user isn't banned if (!Zotero_Users::isValidUser($objectUserID)) { $this->e404(); } } else { if (!empty($extra['groupID'])) { $objectGroupID = (int) $extra['groupID']; if (!$objectGroupID) { $this->e400("Invalid group ID", Z_ERROR_INVALID_INPUT); } // Make sure group exists $group = Zotero_Groups::get($objectGroupID); if (!$group) { $this->e404(); } // Don't show groups owned by banned users if (!Zotero_Users::isValidUser($group->ownerUserID)) { $this->e404(); } $this->objectGroupID = $objectGroupID; $this->objectLibraryID = Zotero_Groups::getLibraryIDFromGroupID($objectGroupID); } } // Return 409 if target library is locked switch ($this->method) { case 'POST': case 'PUT': case 'DELETE': switch ($action) { // Library lock doesn't matter for some admin requests case 'storageadmin': break; default: if ($this->objectLibraryID && Zotero_Libraries::isLocked($this->objectLibraryID)) { $this->e409("Target library is locked"); } break; } } $this->scopeObject = !empty($extra['scopeObject']) ? $extra['scopeObject'] : null; $this->scopeObjectID = !empty($extra['scopeObjectID']) ? (int) $extra['scopeObjectID'] : null; if (!empty($extra['scopeObjectKey'])) { // Handle incoming requests using ids instead of keys // - Keys might be all numeric, so only do this if length != 8 if (preg_match('/^[0-9]+$/', $extra['scopeObjectKey']) && strlen($extra['scopeObjectKey']) != 8) { $this->scopeObjectID = (int) $extra['scopeObjectKey']; } else { if (preg_match('/[A-Z0-9]{8}/', $extra['scopeObjectKey'])) { $this->scopeObjectKey = $extra['scopeObjectKey']; } } } $this->scopeObjectName = !empty($extra['scopeObjectName']) ? urldecode($extra['scopeObjectName']) : null; // Can be either id or key if (!empty($extra['key'])) { if (!empty($_GET['key']) && strlen($_GET['key']) == 8) { $this->objectKey = $extra['key']; } else { if (!empty($_GET['iskey'])) { $this->objectKey = $extra['key']; } else { if (preg_match('/^[0-9]+$/', $extra['key'])) { $this->objectID = (int) $extra['key']; } else { if (preg_match('/^[A-Z0-9]{8}$/', $extra['key'])) { $this->objectKey = $extra['key']; } else { if ($extra['key'] != 'top') { Z_Core::logError("============="); Z_Core::logError("Invalid key"); Z_Core::logError($extra['key']); } } } } } } if (!empty($extra['id'])) { $this->objectID = (int) $extra['id']; } $this->objectName = !empty($extra['name']) ? urldecode($extra['name']) : null; $this->subset = !empty($extra['subset']) ? $extra['subset'] : null; $this->fileMode = !empty($extra['file']) ? !empty($_GET['info']) ? 'info' : 'download' : false; $this->fileView = !empty($extra['view']); $singleObject = ($this->objectID || $this->objectKey) && !$this->subset; $this->queryParams = Zotero_API::parseQueryParams($_SERVER['QUERY_STRING'], $action, $singleObject); }
private static function processUploadInternal($userID, SimpleXMLElement $xml, $syncQueueID = null, $syncProcessID = null) { $userLibraryID = Zotero_Users::getLibraryIDFromUserID($userID); $affectedLibraries = self::parseAffectedLibraries($xml->asXML()); // Relations-only uploads don't have affected libraries if (!$affectedLibraries) { $affectedLibraries = array(Zotero_Users::getLibraryIDFromUserID($userID)); } $processID = self::addUploadProcess($userID, $affectedLibraries, $syncQueueID, $syncProcessID); set_time_limit(5400); $profile = false; if ($profile) { $shardID = Zotero_Shards::getByUserID($userID); Zotero_DB::profileStart($shardID); } try { Zotero_DB::beginTransaction(); // Mark libraries as updated foreach ($affectedLibraries as $libraryID) { Zotero_Libraries::updateVersion($libraryID); } $timestamp = Zotero_Libraries::updateTimestamps($affectedLibraries); Zotero_DB::registerTransactionTimestamp($timestamp); // Make sure no other upload sessions use this same timestamp // for any of these libraries, since we return >= 1 as the next // last sync time if (!Zotero_Libraries::setTimestampLock($affectedLibraries, $timestamp)) { throw new Exception("Library timestamp already used", Z_ERROR_LIBRARY_TIMESTAMP_ALREADY_USED); } $modifiedItems = array(); // Add/update creators if ($xml->creators) { // DOM $keys = array(); $xmlElements = dom_import_simplexml($xml->creators); $xmlElements = $xmlElements->getElementsByTagName('creator'); Zotero_DB::query("SET foreign_key_checks = 0"); try { $addedLibraryIDs = array(); $addedCreatorDataHashes = array(); foreach ($xmlElements as $xmlElement) { $key = $xmlElement->getAttribute('key'); if (isset($keys[$key])) { throw new Exception("Creator {$key} already processed"); } $keys[$key] = true; $creatorObj = Zotero_Creators::convertXMLToCreator($xmlElement); if (Zotero_Utilities::unicodeTrim($creatorObj->firstName) === '' && Zotero_Utilities::unicodeTrim($creatorObj->lastName) === '') { continue; } $addedLibraryIDs[] = $creatorObj->libraryID; $changed = $creatorObj->save($userID); // If the creator changed, we need to update all linked items if ($changed) { $modifiedItems = array_merge($modifiedItems, $creatorObj->getLinkedItems()); } } } catch (Exception $e) { Zotero_DB::query("SET foreign_key_checks = 1"); throw $e; } Zotero_DB::query("SET foreign_key_checks = 1"); unset($keys); unset($xml->creators); // // Manual foreign key checks // // libraryID foreach (array_unique($addedLibraryIDs) as $addedLibraryID) { $shardID = Zotero_Shards::getByLibraryID($addedLibraryID); $sql = "SELECT COUNT(*) FROM shardLibraries WHERE libraryID=?"; if (!Zotero_DB::valueQuery($sql, $addedLibraryID, $shardID)) { throw new Exception("libraryID inserted into `creators` not found in `shardLibraries` ({$addedLibraryID}, {$shardID})"); } } } // Add/update items $savedItems = array(); if ($xml->items) { $childItems = array(); // DOM $xmlElements = dom_import_simplexml($xml->items); $xmlElements = $xmlElements->getElementsByTagName('item'); foreach ($xmlElements as $xmlElement) { $libraryID = (int) $xmlElement->getAttribute('libraryID'); $key = $xmlElement->getAttribute('key'); if (isset($savedItems[$libraryID . "/" . $key])) { throw new Exception("Item {$libraryID}/{$key} already processed"); } $itemObj = Zotero_Items::convertXMLToItem($xmlElement); if (!$itemObj->getSourceKey()) { try { $modified = $itemObj->save($userID); if ($modified) { $savedItems[$libraryID . "/" . $key] = true; } } catch (Exception $e) { if (strpos($e->getMessage(), 'libraryIDs_do_not_match') !== false) { throw new Exception($e->getMessage() . " ({$key})"); } throw $e; } } else { $childItems[] = $itemObj; } } unset($xml->items); while ($childItem = array_shift($childItems)) { $libraryID = $childItem->libraryID; $key = $childItem->key; if (isset($savedItems[$libraryID . "/" . $key])) { throw new Exception("Item {$libraryID}/{$key} already processed"); } $modified = $childItem->save($userID); if ($modified) { $savedItems[$libraryID . "/" . $key] = true; } } } // Add/update collections if ($xml->collections) { $collections = array(); $collectionSets = array(); // DOM // Build an array of unsaved collection objects and the keys of child items $keys = array(); $xmlElements = dom_import_simplexml($xml->collections); $xmlElements = $xmlElements->getElementsByTagName('collection'); foreach ($xmlElements as $xmlElement) { $key = $xmlElement->getAttribute('key'); if (isset($keys[$key])) { throw new Exception("Collection {$key} already processed"); } $keys[$key] = true; $collectionObj = Zotero_Collections::convertXMLToCollection($xmlElement); $xmlItems = $xmlElement->getElementsByTagName('items')->item(0); // Fix an error if there's leading or trailing whitespace, // which was possible in 2.0.3 if ($xmlItems) { $xmlItems = trim($xmlItems->nodeValue); } $arr = array('obj' => $collectionObj, 'items' => $xmlItems ? explode(' ', $xmlItems) : array()); $collections[] = $collectionObj; $collectionSets[] = $arr; } unset($keys); unset($xml->collections); self::saveCollections($collections, $userID); unset($collections); // Set child items foreach ($collectionSets as $collection) { // Child items if (isset($collection['items'])) { $ids = array(); foreach ($collection['items'] as $key) { $item = Zotero_Items::getByLibraryAndKey($collection['obj']->libraryID, $key); if (!$item) { throw new Exception("Child item '{$key}' of collection {$collection['obj']->id} not found", Z_ERROR_ITEM_NOT_FOUND); } $ids[] = $item->id; } $collection['obj']->setItems($ids); } } unset($collectionSets); } // Add/update saved searches if ($xml->searches) { $searches = array(); $keys = array(); foreach ($xml->searches->search as $xmlElement) { $key = (string) $xmlElement['key']; if (isset($keys[$key])) { throw new Exception("Search {$key} already processed"); } $keys[$key] = true; $searchObj = Zotero_Searches::convertXMLToSearch($xmlElement); $searchObj->save($userID); } unset($xml->searches); } // Add/update tags if ($xml->tags) { $keys = array(); // DOM $xmlElements = dom_import_simplexml($xml->tags); $xmlElements = $xmlElements->getElementsByTagName('tag'); foreach ($xmlElements as $xmlElement) { // TEMP $tagItems = $xmlElement->getElementsByTagName('items'); if ($tagItems->length && $tagItems->item(0)->nodeValue == "") { error_log("Skipping tag with no linked items"); continue; } $libraryID = (int) $xmlElement->getAttribute('libraryID'); $key = $xmlElement->getAttribute('key'); $lk = $libraryID . "/" . $key; if (isset($keys[$lk])) { throw new Exception("Tag {$lk} already processed"); } $keys[$lk] = true; $itemKeysToUpdate = array(); $tagObj = Zotero_Tags::convertXMLToTag($xmlElement, $itemKeysToUpdate); // We need to update removed items, added items, and, // if the tag itself has changed, existing items $modifiedItems = array_merge($modifiedItems, array_map(function ($key) use($libraryID) { return $libraryID . "/" . $key; }, $itemKeysToUpdate)); $tagObj->save($userID, true); } unset($keys); unset($xml->tags); } // Add/update relations if ($xml->relations) { // DOM $xmlElements = dom_import_simplexml($xml->relations); $xmlElements = $xmlElements->getElementsByTagName('relation'); foreach ($xmlElements as $xmlElement) { $relationObj = Zotero_Relations::convertXMLToRelation($xmlElement, $userLibraryID); if ($relationObj->exists()) { continue; } $relationObj->save($userID); } unset($keys); unset($xml->relations); } // Add/update settings if ($xml->settings) { // DOM $xmlElements = dom_import_simplexml($xml->settings); $xmlElements = $xmlElements->getElementsByTagName('setting'); foreach ($xmlElements as $xmlElement) { $settingObj = Zotero_Settings::convertXMLToSetting($xmlElement); $settingObj->save($userID); } unset($xml->settings); } if ($xml->fulltexts) { // DOM $xmlElements = dom_import_simplexml($xml->fulltexts); $xmlElements = $xmlElements->getElementsByTagName('fulltext'); foreach ($xmlElements as $xmlElement) { Zotero_FullText::indexFromXML($xmlElement, $userID); } unset($xml->fulltexts); } // TODO: loop if ($xml->deleted) { // Delete collections if ($xml->deleted->collections) { Zotero_Collections::deleteFromXML($xml->deleted->collections, $userID); } // Delete items if ($xml->deleted->items) { Zotero_Items::deleteFromXML($xml->deleted->items, $userID); } // Delete creators if ($xml->deleted->creators) { Zotero_Creators::deleteFromXML($xml->deleted->creators, $userID); } // Delete saved searches if ($xml->deleted->searches) { Zotero_Searches::deleteFromXML($xml->deleted->searches, $userID); } // Delete tags if ($xml->deleted->tags) { $xmlElements = dom_import_simplexml($xml->deleted->tags); $xmlElements = $xmlElements->getElementsByTagName('tag'); foreach ($xmlElements as $xmlElement) { $libraryID = (int) $xmlElement->getAttribute('libraryID'); $key = $xmlElement->getAttribute('key'); $tagObj = Zotero_Tags::getByLibraryAndKey($libraryID, $key); if (!$tagObj) { continue; } // We need to update all items on the deleted tag $modifiedItems = array_merge($modifiedItems, array_map(function ($key) use($libraryID) { return $libraryID . "/" . $key; }, $tagObj->getLinkedItems(true))); } Zotero_Tags::deleteFromXML($xml->deleted->tags, $userID); } // Delete relations if ($xml->deleted->relations) { Zotero_Relations::deleteFromXML($xml->deleted->relations, $userID); } // Delete relations if ($xml->deleted->settings) { Zotero_Settings::deleteFromXML($xml->deleted->settings, $userID); } } $toUpdate = array(); foreach ($modifiedItems as $item) { // libraryID/key string if (is_string($item)) { if (isset($savedItems[$item])) { continue; } $savedItems[$item] = true; list($libraryID, $key) = explode("/", $item); $item = Zotero_Items::getByLibraryAndKey($libraryID, $key); if (!$item) { // Item was deleted continue; } } else { $lk = $item->libraryID . "/" . $item->key; if (isset($savedItems[$lk])) { continue; } $savedItems[$lk] = true; } $toUpdate[] = $item; } Zotero_Items::updateVersions($toUpdate, $userID); unset($savedItems); unset($modifiedItems); try { self::removeUploadProcess($processID); } catch (Exception $e) { if (strpos($e->getMessage(), 'MySQL server has gone away') !== false) { // Reconnect error_log("Reconnecting to MySQL master"); Zotero_DB::close(); self::removeUploadProcess($processID); } else { throw $e; } } // Send notifications for changed libraries foreach ($affectedLibraries as $libraryID) { Zotero_Notifier::trigger('modify', 'library', $libraryID); } Zotero_DB::commit(); if ($profile) { $shardID = Zotero_Shards::getByUserID($userID); Zotero_DB::profileEnd($shardID); } // Return timestamp + 1, to keep the next /updated call // (using >= timestamp) from returning this data return $timestamp + 1; } catch (Exception $e) { Zotero_DB::rollback(true); self::removeUploadProcess($processID); throw $e; } }
private static function processUploadInternal($userID, SimpleXMLElement $xml, $syncQueueID = null, $syncProcessID = null) { $userLibraryID = Zotero_Users::getLibraryIDFromUserID($userID); $affectedLibraries = self::parseAffectedLibraries($xml->asXML()); // Relations-only uploads don't have affected libraries if (!$affectedLibraries) { $affectedLibraries = array(Zotero_Users::getLibraryIDFromUserID($userID)); } $processID = self::addUploadProcess($userID, $affectedLibraries, $syncQueueID, $syncProcessID); set_time_limit(5400); $profile = false; if ($profile) { $shardID = Zotero_Shards::getByUserID($userID); Zotero_DB::profileStart($shardID); } try { Z_Core::$MC->begin(); Zotero_DB::beginTransaction(); // Mark libraries as updated $timestamp = Zotero_Libraries::updateTimestamps($affectedLibraries); Zotero_DB::registerTransactionTimestamp($timestamp); // Make sure no other upload sessions use this same timestamp // for any of these libraries, since we return >= 1 as the next // last sync time if (!Zotero_Libraries::setTimestampLock($affectedLibraries, $timestamp)) { throw new Exception("Library timestamp already used", Z_ERROR_LIBRARY_TIMESTAMP_ALREADY_USED); } // Add/update creators if ($xml->creators) { // DOM $keys = array(); $xmlElements = dom_import_simplexml($xml->creators); $xmlElements = $xmlElements->getElementsByTagName('creator'); Zotero_DB::query("SET foreign_key_checks = 0"); try { $addedLibraryIDs = array(); $addedCreatorDataHashes = array(); foreach ($xmlElements as $xmlElement) { $key = $xmlElement->getAttribute('key'); if (isset($keys[$key])) { throw new Exception("Creator {$key} already processed"); } $keys[$key] = true; $creatorObj = Zotero_Creators::convertXMLToCreator($xmlElement); $addedLibraryIDs[] = $creatorObj->libraryID; $creatorObj->save(); } } catch (Exception $e) { Zotero_DB::query("SET foreign_key_checks = 1"); throw $e; } Zotero_DB::query("SET foreign_key_checks = 1"); unset($keys); unset($xml->creators); // // Manual foreign key checks // // libraryID foreach ($addedLibraryIDs as $addedLibraryID) { $shardID = Zotero_Shards::getByLibraryID($addedLibraryID); $sql = "SELECT COUNT(*) FROM shardLibraries WHERE libraryID=?"; if (!Zotero_DB::valueQuery($sql, $addedLibraryID, $shardID)) { throw new Exception("libraryID inserted into `creators` not found in `shardLibraries` ({$addedLibraryID}, {$shardID})"); } } } // Add/update items if ($xml->items) { $childItems = array(); $relatedItemsStore = array(); // DOM $keys = array(); $xmlElements = dom_import_simplexml($xml->items); $xmlElements = $xmlElements->getElementsByTagName('item'); foreach ($xmlElements as $xmlElement) { $key = $xmlElement->getAttribute('key'); if (isset($keys[$key])) { throw new Exception("Item {$key} already processed"); } $keys[$key] = true; $missing = Zotero_Items::removeMissingRelatedItems($xmlElement); $itemObj = Zotero_Items::convertXMLToItem($xmlElement); if ($missing) { $relatedItemsStore[$itemObj->libraryID . '_' . $itemObj->key] = $missing; } if (!$itemObj->getSourceKey()) { try { $itemObj->save($userID); } catch (Exception $e) { if (strpos($e->getMessage(), 'libraryIDs_do_not_match') !== false) { throw new Exception($e->getMessage() . " (" . $itemObj->key . ")"); } throw $e; } } else { $childItems[] = $itemObj; } } unset($keys); unset($xml->items); while ($childItem = array_shift($childItems)) { $childItem->save($userID); } // Add back related items (which now exist) foreach ($relatedItemsStore as $itemLibraryKey => $relset) { $lk = explode('_', $itemLibraryKey); $libraryID = $lk[0]; $key = $lk[1]; $item = Zotero_Items::getByLibraryAndKey($libraryID, $key); foreach ($relset as $relKey) { $relItem = Zotero_Items::getByLibraryAndKey($libraryID, $relKey); $item->addRelatedItem($relItem->id); } $item->save(); } unset($relatedItemsStore); } // Add/update collections if ($xml->collections) { $collections = array(); $collectionSets = array(); // DOM // Build an array of unsaved collection objects and the keys of child items $keys = array(); $xmlElements = dom_import_simplexml($xml->collections); $xmlElements = $xmlElements->getElementsByTagName('collection'); foreach ($xmlElements as $xmlElement) { $key = $xmlElement->getAttribute('key'); if (isset($keys[$key])) { throw new Exception("Collection {$key} already processed"); } $keys[$key] = true; $collectionObj = Zotero_Collections::convertXMLToCollection($xmlElement); $xmlItems = $xmlElement->getElementsByTagName('items')->item(0); // Fix an error if there's leading or trailing whitespace, // which was possible in 2.0.3 if ($xmlItems) { $xmlItems = trim($xmlItems->nodeValue); } $arr = array('obj' => $collectionObj, 'items' => $xmlItems ? explode(' ', $xmlItems) : array()); $collections[] = $collectionObj; $collectionSets[] = $arr; } unset($keys); unset($xml->collections); self::saveCollections($collections); unset($collections); // Set child items foreach ($collectionSets as $collection) { // Child items if (isset($collection['items'])) { $ids = array(); foreach ($collection['items'] as $key) { $item = Zotero_Items::getByLibraryAndKey($collection['obj']->libraryID, $key); if (!$item) { throw new Exception("Child item '{$key}' of collection {$collection['obj']->id} not found", Z_ERROR_ITEM_NOT_FOUND); } $ids[] = $item->id; } $collection['obj']->setChildItems($ids); } } unset($collectionSets); } // Add/update saved searches if ($xml->searches) { $searches = array(); $keys = array(); foreach ($xml->searches->search as $xmlElement) { $key = (string) $xmlElement['key']; if (isset($keys[$key])) { throw new Exception("Search {$key} already processed"); } $keys[$key] = true; $searchObj = Zotero_Searches::convertXMLToSearch($xmlElement); $searchObj->save(); } unset($xml->searches); } // Add/update tags if ($xml->tags) { $keys = array(); // DOM $xmlElements = dom_import_simplexml($xml->tags); $xmlElements = $xmlElements->getElementsByTagName('tag'); foreach ($xmlElements as $xmlElement) { $key = $xmlElement->getAttribute('key'); if (isset($keys[$key])) { throw new Exception("Tag {$key} already processed"); } $keys[$key] = true; $tagObj = Zotero_Tags::convertXMLToTag($xmlElement); $tagObj->save(true); } unset($keys); unset($xml->tags); } // Add/update relations if ($xml->relations) { // DOM $xmlElements = dom_import_simplexml($xml->relations); $xmlElements = $xmlElements->getElementsByTagName('relation'); foreach ($xmlElements as $xmlElement) { $relationObj = Zotero_Relations::convertXMLToRelation($xmlElement, $userLibraryID); if ($relationObj->exists()) { continue; } $relationObj->save(); } unset($keys); unset($xml->relations); } // TODO: loop if ($xml->deleted) { // Delete collections if ($xml->deleted->collections) { Zotero_Collections::deleteFromXML($xml->deleted->collections); } // Delete items if ($xml->deleted->items) { Zotero_Items::deleteFromXML($xml->deleted->items); } // Delete creators if ($xml->deleted->creators) { Zotero_Creators::deleteFromXML($xml->deleted->creators); } // Delete saved searches if ($xml->deleted->searches) { Zotero_Searches::deleteFromXML($xml->deleted->searches); } // Delete tags if ($xml->deleted->tags) { Zotero_Tags::deleteFromXML($xml->deleted->tags); } // Delete tags if ($xml->deleted->relations) { Zotero_Relations::deleteFromXML($xml->deleted->relations); } } self::removeUploadProcess($processID); Zotero_DB::commit(); Z_Core::$MC->commit(); if ($profile) { $shardID = Zotero_Shards::getByUserID($userID); Zotero_DB::profileEnd($shardID); } // Return timestamp + 1, to keep the next /updated call // (using >= timestamp) from returning this data return $timestamp + 1; } catch (Exception $e) { Z_Core::$MC->rollback(); Zotero_DB::rollback(true); self::removeUploadProcess($processID); throw $e; } }